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APPEAL BRIEF 

Sir: 

This Appeal Brief is submitted in support of the Notice of Appeal filed on 
September 26, 2003. 

I. REAL PARTY IN INTEREST 

Sun Microsystems, Inc. is the real party in interest. 

II. RELATED APPEALS AND INTERFERENCES 

Appellant is unaware of any related appeals or interferences. 
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III. STATUS OF CLAIMS 

Claims 1 1-23, 34-46, and 57-105 are pending in this application, have been 
finally rejected, and are the subject of this appeal. 

IV. STATUS OF AMENDMENTS 

No amendments were filed after the Final Office Action mailed on June 26, 2003. 

V. SUMMARY OF THE INVENTION 

For a number of years, the U.S. Department of Commerce has regulated, and at 
times, prohibited the exportation of computer programs or applications that implement 
data encryption algorithms. Currently, computer programs cannot, as a general rule, be 
exported if they implement encryption algorithms having cryptographic key sizes 
exceeding a certain number of bits (the specific allowable key size is algorithm-specific). 

These regulations apply not only to programs which directly implement 
encryption algorithms, but also to programs which interface with programs that directly 
implement encryption algorithms. These programs include "framework" programs that 
provide infrastructure for facilitating interaction between various programs. The 
framework itself may not implement any encryption algorithm, but it may allow one or 
more programs that do implement encryption algorithms to interface with or "plug in" to 
the framework. If a framework allows an encryption mechanism to be "plugged in" to 
the framework, the framework itself will be subject to export regulations. This means 
that in order to be exportable, the framework needs to ensure that all export regulations 
are adhered to regardless of the encryption implementation that is plugged in to the 
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framework. In order to do this, the framework needs to have some mechanism for 
enforcing the necessary restrictions on the encryption implementations. 

The invention recited in claims 11-23, 34-46, and 57-105 provides an object- 
oriented mechanism for dynamically constructing customized implementations to enforce 
restrictions on services. For purposes of the present invention, a service is defined 
broadly to encompass any functionality requested by and provided to an application, 
including but not limited to encryption/decryption functionality. In one embodiment, the 
invention is implemented in a system comprising an application, a general 
implementation of a particular service, and a framework. 

The framework receives from the application a request for an implementation of a 
particular service, such as an implementation of a particular encryption algorithm. In 
response, the framework determines what restrictions, if any, need to be imposed on the 
requested implementation. Once the restrictions are determined, the framework 
dynamically constructs the requested implementation. The requested implementation is 
constructed such that it incorporates the general (i.e. unrestricted) implementation of the 
service, the restrictions, and enforcement logic for enforcing the restrictions on the 
general implementation. Since the requested implementation is constructed specifically 
for the application, it is customized for the application. Thus, the implementation is 
referred to as the customized implementation (Specification, pages 1-3). 

In dynamically constructing the customized implementation, the framework 
instantiates a wrapper instance. The wrapper instance comprises enforcement logic for 
enforcing the restrictions. The framework then encapsulates the restrictions and an 
instance of the general implementation within the wrapper instance. In encapsulating 
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the general implementation instance within the wrapper instance, the framework 
maps the methods of the wrapper instance to corresponding methods of the general 
implementation instance. This mapping enables calls to the methods of the wrapper 
instance to be routed to the proper methods of the general implementation instance. 

This is as it should be, since the implementations for these methods are provided by the 
general implementation instance. In contrast to the methods of the general 
implementation instance, however, the wrapper instance will ensure that the restrictions 
are enforced. 

Once the encapsulation process is complete, the framework provides the newly 
constructed wrapper instance to the application that requested the customized 
implementation. The wrapper instance is provided as the customized implementation 
requested by the application. Due to the mapping of the methods of the wrapper instance 
to the proper methods of the general implementation instance, the application may invoke 
the methods of the wrapper instance in the same manner as the application would have 
invoked the methods of the general implementation instance. Consequently, the 
application does not need to be modified to handle the wrapper instance differently than 
the general implementation instance (Specification, pages 14-15). 

Since the customized implementation incorporates the restrictions and 
enforcement logic for enforcing the restrictions, it is not necessary for the application to 
further interact with the framework. The customized implementation itself will provide 
the services, and will guarantee that the restrictions are enforced. By dynamically 
constructing customized implementations in this manner, the framework ensures that the 
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necessary restrictions are enforced on the services provided to the application 
(Specification, page 3). 



VL ISSUES 

The sole issue is whether Claims 1 1-23, 34-46, and 57-105 are unpatentable under 
35 U.S.C. § 103(a) over U.S. Patent Application Publication No. US 2002/01 12171 Al 
by Ginter, et al. ("Ginter") in view of U.S. Patent No. 6,389,534 Bl issued to Elgamal, et 
al. ("Elgamal") in view of Pressman, "Software Engineering: A Practitioner's Approach" 
("Pressman"). 

VII. GROUPING OF CLAIMS 

Claims 11-23, 34-46, and 57-105 fall or stand together. 

VIII. ARGUMENTS 

A. Introduction 

In the Final Office Action dated June 26, 2003, the Examiner rejected Claims 11- 
23, 34-46, and 57-105 under 35 U.S.C. § 103(a) as being unpatentable over Ginter in 
view of Elgamal and Pressman. Based upon the reasons given below, and contrary to the 
Examiner's contention, it is respectfully submitted that Claims 11-23, 34-46, and 57-105 
are patentable over Ginter, Elgamal, and Pressman for at least the reasons provided 
hereinafter. 

It is well founded that to establish a prima facie case of obviousness under 35 
U.S.C. § 103(a), the references cited and relied upon must teach or suggest all the claim 
limitations. In addition, a sufficient factual basis to support the obviousness rejection 
must be proffered. In re Freed, 165 USPQ 570 (CCPA 1970); In re Warner, 154 USPQ 

15437-0109/P4490 5 



173 (CCPA 1967); In re Lunsford, 148 USPQ 721 (CCPA 1966). With respect to the 
present application, it is respectfully submitted that Ginter, Elgamal, and Pressman, taken 
alone or in combination, do not in any way teach or suggest all the limitations of Claims 11- 
23, 34-46, and 57-105. It is further submitted that a sufficient factual basis has not been 
proffered in the Final Office Action mailed June 26, 2003 to support the rejection of Claims 
1 1-23, 34-46, and 57-105 under 35 U.S.C. § 103(a) as being unpatentable over Ginter in 
view of Elgamal and Pressman. 

B. The Limitations of Claims 1 1-23, 34-46, and 57-105 Are Not in Any Way 
Taught or Suggested by Ginter, Elgamal and Pressman 

Claim 1 1 addresses the problem of how to ensure that restrictions are enforced on 
an implementation of a service that is plugged in to a framework. According to the 
approach recited in Claim 1 1, the framework receives, from an application, a request for 
a customized implementation of a particular service. The framework instantiates an 
implementation class that provides an implementation for the particular service. The 
instantiation of the implementation class gives rise to an implementation instance, which 
comprises one or more invocable methods. The framework determines a set of 
restrictions to be imposed on the customized implementation. The framework 
instantiates a wrapper class that comprises enforcement logic for enforcing the 
restrictions. The instantiation of the wrapper class gives rise to a wrapper instance, which 
also comprises one or more invocable methods. The framework encapsulates the 
implementation instance and the restrictions within the wrapper instance. In doing so, the 
framework maps the invocable methods of the wrapper instance to the invocable methods 
of the implementation instance. The framework provides the wrapper instance to the 
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application as the customized implementation. Because the wrapper instance comprises 
logic for enforcing restrictions, and because the restrictions are encapsulated within the 
wrapper instance along with the implementation instance, the customized implementation 
will provide the particular service, and restrictions on that particular service will be 
enforced. 

Summary of Examiner 's Contentions 

In rejecting Claim 11, the Examiner contends that Elgamal discloses several, but 
not all, of the above features. The Examiner admits that Elgamal does not disclose or 
suggest "providing said wrapper instance to the application as said customized 
implementation" as required by Claim 11. Recognizing this deficiency of Elgamal, the 
Examiner contends that Ginter discloses "providing said wrapper instance to the 
application as said customized implementation." Oddly, the Examiner also expressly 
relies upon Pressman to reject Claim 11, although the Examiner does not cite any 
particular limitation of Claim 1 1 that Pressman is relied upon to disclose or suggest. 

The merits of the Examiner's contentions will be discussed in detail below, but 
one initial point to note is that the Examiner completely ignores the last limitations of 
Claim 11, which recite "wherein said wrapper instance comprises one or more invocable 
methods, wherein said implementation instance comprises one or more invocable 
methods, and wherein encapsulating comprises: mapping the one or more invocable 
methods of said wrapper instance to the one or more invocable methods of said 
implementation instance." The Examiner does not even allege that either Ginter, 
Elgamal, or Pressman, alone or in combination, in any way disclose or suggest these 
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limitations. Thus, on this basis alone, the Examiner has failed to make out a prima facie 
case of obviousness. 

To further discuss the merits of the Examiner's contentions, provided below is a 
discussion of each of the references relied upon by the Examiner. Those references, 
taken alone or in combination, fail to disclose or suggest all of the limitations of Claim 
11. 

Elgamal 

Elgamal discloses an application program that calls a service module, which calls 
a policy filter that has been configured by a policy filter initialization module. Based on 
the determination of the policy filter, the service module returns to the application either 
an error (if the operation is not allowed) or a result of the operation requested by the 
application program (see col. 5, line 41-42, and also col. 6, lines 42-43). 

As discussed above, an initial point to note regarding Elgamal is that Elgamal 
does not disclose or suggest "mapping the one or more invocable methods of said 
wrapper instance to the one or more invocable methods of said implementation instance" 
as required by Claim 1 1 . 

Another point to note regarding Elgamal is that Elgamal does not disclose or 
suggest "providing said wrapper instance to the application as said customized 
implementation" as required by Claim 1 1 . Instead, Elgamal discloses the returning of a 
result of an operation to an application. Because Elgamal returns the result rather than a 
customized implementation , the application is required to make a request to a service 
module each time that the application needs to perform a cryptographic operation. Such 



15437-0109/P4490 



8 



repeated requests create a performance bottleneck, which the method of Claim 1 1 makes 
it possible to avoid. 

In the Final Office Action, the Examiner acknowledges this deficiency of 
Elgamal. Thus, even the Examiner admits that Elgamal, taken individual, fails to 
disclose or suggest the method of Claim 1 1 . 

Ginter 

Ginter discloses a content container object that contains information content and a 
permissions record. The information content may be, for example, text, sound, video, or 
computer software. The permissions record specifies rights associated with the content 
container object such as, for example, who can open the container object, who can use the 
container object's contents, and who can distribute the container object. An end user 
cannot use or access the container object's contents unless the permissions record has 
been delivered to the end user. 

As discussed above, an initial point to note regarding Ginter is that Ginter does 
not disclose or suggest "mapping the one or more invocable methods of said wrapper 
instance to the one or more invocable methods of said implementation instance" as 
required by Claim 1 1 . 

Specifically, it should be noted that information content such as text, sound, and 
video does not comprise any invocable methods. Therefore, when the information 
content is text, sound, or video, there are no invocable methods of an implementation 
instance to which invocable methods of a wrapper instance could be mapped. 
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Additionally, the Examiner has failed to show any disclosure or suggestion in Ginter that 
computer software information content comprises invocable methods. 

Even if the Examiner had shown that computer software information content 
comprised invocable methods, the Examiner still has failed to show that Ginter discloses 
or suggests that methods of the content container are mapped to methods of computer 
software information content contained therein. Thus, the Examiner has failed to show 
that Ginter discloses or suggests mapping one or more invocable methods of a wrapper 
instance to one or more invocable methods of an implementation instance, as is required 
by Claim 11. 

For at least these reasons, Ginter taken alone, fails to disclose or suggest all of the 
limitations of Claim 11. 

Pressman 

Pressman discloses general principles of object-oriented software engineering. As 
discussed above, it is not clear exactly which aspect of Claim 1 1 the Examiner attempts 
to show by citing Pressman. In any case, the Examiner has not shown or even alleged 
that Pressman discloses or suggests mapping one or more invocable methods of a 
wrapper instance to one or more invocable methods of an implementation instance as 
required by Claim 11. 

For at least these reasons, Pressman taken alone, fails to disclose or suggest all of 
the limitations of Claim 11. 
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Based on the foregoing, it is therefore respectfully submitted that the Examiner 
has failed to show that Ginter, Elgamal, and Pressman in any way disclose or suggest at 
least one of the limitations of Claim 1 1, namely, the limitation of "mapping the one or 
more invocable methods of said wrapper instance to the one or more invocable methods 
of said implementation instance." Since the Examiner has failed to show that Ginter, 
Elgamal, or Pressman, taken alone or in combination, disclose or suggest all of the 
limitations required by Claim 1 1 , it is respectfully submitted that the Examiner has erred 
in rejecting Claim 1 1, and that Claim 1 1 is patentable over Ginter, Elgamal, and 
Pressman. 

Claims 12-23, 70-72, and 79-87 depend from Claim 1 1 and include all of the 
limitations of Claim 11. It is therefore respectfully submitted that Claims 12-23, 70-72, 
and 79-87 are patentable over Ginter, Elgamal, and Pressman for at least the reasons set 
forth herein with respect to Claim 1 1 . 

Claims 34-46, 73-75, and 88-96 contain limitations similar to Claims 11-23, 70- 
72, and 79-87, except in the context of a framework. It is therefore respectfully 
submitted that Claims 1 1-23, 70-72, and 79-87 are patentable over Ginter, Elgamal, and 
Pressman for at least the reasons set forth herein with respect to Claims 1 1-23, 70-72, and 
79-87. 

Claims 57-69, 76-78, and 97-105 contain limitations similar to Claims 1 1-23, 70- 
72, and 79-87, except in the context of a computer-readable medium. It is therefore 
respectfully submitted that Claims 57-69, 76-78, and 97-105 are patentable over Ginter, 
Elgamal, and Pressman for at least the reasons set forth herein with respect to Claims 11- 
23, 70-72, and 79-87. 
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For at least these reasons, it is respectfully submitted that Claims 1 1-23, 34-46, 
and 57-105 are not in any way taught or suggested by Ginter, Elgamal, or Pressman, 
alone or in combination, and are therefore patentable over Ginter, Elgamal, and 
Pressman. 

C. Claims 1 1-23, 34-46, and 57-105 Are Not Rendered Obvious by Ginter, 

Elgamal and Pressman Because the Examiner Has Not Provided an Adequate 
Motivation to Combine Ginter and Elgamal 

In In re Dembiczak, 50 USPQ2d 1614, 1617 (1999), the Court of Appeals for the 
Federal Circuit (CAFC) warned against the use of hindsight in an obviousness analysis: 

Measuring a claimed invention against the standard established by section 103 
requires the oft-difficult but critical step of casting the mind back to the time of 
invention, to consider the thinking of one of ordinary skill in the art, guided only 
by the prior art references and the then- accepted wisdom in the field. . ..Our case 
law makes clear that the best defense against the subtle but powerful attraction of 
a hindsight-based obviousness analysis is rigorous application of the 
requirement for a showing of the teaching or motivation to combine prior art 
references, (emphasis added) 

The showing must be clear and particular, and broad conclusory statements regarding the 
teaching of multiple references, standing alone, are not evidence. Id. at 1617. 

In In re Lee, 61 USPQ2d 1430, 1434 (2002), the Court of Appeals for the Federal 
Circuit (CAFC) held that an examiner's conclusory statements did not adequately address 
the issue of motivation to combine. In Lee, an examiner held that it would have been 
obvious to a person of ordinary skill in the relevant art to combine the teachings of two 
references to produce a claimed invention. The first reference described a television set 
having a menu display by which a user could adjust various picture and audio functions, 
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but the display lacked a demonstration of how to adjust the functions. The second 
reference described a game's video display as having a demonstration mode that showed 
how to play the game, but the second reference did not mention the adjustment of picture 
or audio functions. Id. at 1431. 

In rejecting a representative claim, which recited both a demonstration mode and 
demonstrating the adjustment of picture functions, the examiner stated that the 
combination of two references "would have been obvious to one of ordinary skill in the 
art since the demonstration mode is just a programmable feature which can be used in 
many different device[s] for providing automatic introduction by adding the proper 
programming software" and that "another motivation would be that the automatic 
demonstration mode is user friendly and it functions as a tutorial." Id. at 1432. 

In vacating the rejection, the CAFC held that the examiner did not adequately 

support the selection and combination of the references. The CAFC explained: 

The examiner's conclusory statements that 'the demonstration mode is just a 
programmable feature which can be used in many different device[s] for 
providing automatic introduction by adding the proper programming software' 
and that 'another motivation would be that the automatic demonstration mode is 
user friendly and it functions as a tutorial' do not adequately address the issue 
of motivation to combine. This factual question of motivation is material to 
patentability, and could not be resolved on subjective belief and unknown 
authority, (emphasis added) 

In the present case, the Examiner similarly has failed to adequately address the 
issue of motivation to combine the references. In the present case, the Examiner attempts 
to establish a motivation to combine Ginter with Elgamal based on the conclusory 
statement that the combination would allow an application to "travel" or be whole 
without having to keep referring back to a framework for restrictions. The Examiner's 
belief that one would be motivated to combine the teachings of Ginter and Elgamal to 
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allow an application to "travel" or be whole without having to keep referring back to a 
framework for restrictions is completely subjective, and the authority on which this belief 
is founded is completely unknown. 

The Examiner's mere summarization of a feature disclosed by Ginter is not in and 
of itself a clear and particular showing why one of ordinary skill in the art would have 
been motivated to apply that feature to the system of Elgamal. The applications disclosed 
by Elgamal do not appear to travel at all, so it is not clear why one of ordinary skill in the 
art would have been motivated to enable those applications to travel without referring to a 
framework for restrictions. The Examiner has not set forth any reasons as to why one of 
ordinary skill in the art would have equated any aspect of the system disclosed in 
Elgamal with the content information, disclosed in Ginter, upon which access restrictions 
may be placed. 

Like the motivations to combine presented by the examiner in Lee, the motivation 
to combine alleged by the Examiner in the present case is neither clear nor particular, and 
can only be characterized as being both broad and conclusory. The Examiner's broad, 
conclusory statements regarding the teachings of Ginter, Elgamal, and Pressman, 
standing by themselves, are not evidence. Consequently, Appellant submits that the 
Examiner has not met his burden in making out a prima facie case of obviousness in the 
present case. Accordingly, Appellant submits that one of ordinary skill in the art would 
not have been motivated to combine Ginter with Elgamal. For at least the reasons 
discussed above, Appellant respectfully submits to the Honorable Board that the rejection 
of Claims 1 1-23, 34-46, and 57-105 should be reversed. 
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IX. CONCLUSION AND PRAYER FOR RELIEF 

Based on the foregoing, it is respectfully submitted the rejections of Claims 11- 
23, 34-46, and 57-105 under 35 U.S.C. § 103(a) lack the requisite factual and legal bases. 
Appellant therefore respectfully requests that the Honorable Board reverse the rejection 
of Claims 1 1-23, 34-46, and 57-105 under 35 U.S.C. § 103(a) over Ginter in view of 
Elgamal and Pressman. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & 
BECKER LLP 

Christian A. Nicholes 
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CLAIMS APPENDIX 



,0* 

1 11. In a system comprising an application, a framework, and an 

2 implementation class which provides an implementation for a particular service, a 

3 method performed by the framework, comprising: 

4 receiving a request from an application for a customized implementation of a 

5 particular service; 

6 instantiating an implementation class which provides an implementation for the 

7 particular service to give rise to an implementation instance; 

8 determining a set of zero or more restrictions to be imposed on said customized 

9 implementation; 

10 instantiating a wrapper class to give rise to a wrapper instance, said wrapper 

1 1 instance comprising enforcement logic for enforcing said restrictions; 

12 encapsulating said implementation instance and said restrictions within said 

13 wrapper instance; and 

14 providing said wrapper instance to the application as said customized 

15 implementation; 

16 wherein said wrapper instance comprises one or more invocable methods, 

17 wherein said implementation instance comprises one or more invocable methods, and 

1 8 wherein encapsulating comprises: 

1 9 mapping the one or more invocable methods of said wrapper instance to the one 

20 or more invocable methods of said implementation instance. 
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1 12. The method of claim 1 1 , wherein instantiating the implementation class 

2 comprises: 

3 determining whether the implementation class is authentic; and 

4 in response to a determination that the implementation class is authentic, 

5 instantiating the implementation class to give rise to said implementation instance. 

1 13. The method of claim 12, wherein the implementation class has a digital 

2 signature associated therewith, and wherein determining whether the implementation 

3 class is authentic comprises: 

4 verifying said digital signature. 

1 14. The method of claim 12, wherein the implementation class authenticates 

2 the framework prior to giving rise to said implementation instance. 

1 15. The method of claim 1 1 , wherein determining the set of zero or more 

2 restrictions comprises: 

3 accessing information specifying one or more limitations; and 

4 processing said limitations to derive said restrictions. 

1 16. The method of claim 15, wherein the particular service is an 

2 encryption/decryption service, and wherein said information comprises a set of one or 

3 more default encryption limitations. 
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1 17. The method of claim 1 6, wherein said default encryption limitations are 

2 derived by merging multiple jurisdiction policies and extracting therefrom the most 

3 restrictive encryption limitations. 

1 18. The method of claim 1 1 , wherein determining the set of zero or more 

2 restrictions comprises: 

3 accessing information specifying one or more limitations; 

4 determining permissions, if any, granted to the application; and 

5 reconciling said limitations and said permissions to derive said restrictions. 

1 1 9. The method of claim 1 8, wherein said limitations and said permissions are 

2 reconciled to derive restrictions which are least restrictive. 

1 20. The method of claim 1 8, wherein the particular service is an 



2 encryption/decryption service, and wherein said information comprises a set of one or 

3 more default encryption limitations, and a set of zero or more exempt encryption 

4 limitations which apply when one or more exemption mechanisms are implemented. 

1 21 . The method of claim 20, wherein said default encryption limitations and 

2 said exempt encryption limitations are derived by merging multiple jurisdiction policies 

3 and extracting therefrom the most restrictive encryption limitations. 
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1 22. The method of claim 20, wherein reconciling said limitations and said 

2 permissions comprises; 

3 determining whether the application has been granted any permissions; and 

4 in response to a determination that the application has not been granted any 

5 permissions, deriving said restrictions from said set of default encryption limitations. 

1 23. The method of claim 20, wherein reconciling said limitations and said 

2 permissions comprises: 

3 determining whether the application has been granted any permissions which 

4 require implementation of a particular exemption mechanism; 

5 in response to a determination that the application has been granted a permission 

6 which requires implementation of a particular exemption mechanism, determining 

7 whether said exempt encryption limitations allow said particular exemption mechanism 

8 to be implemented; and 

9 in response to a determination that said exempt encryption limitations allow said 

10 particular exemption mechanism to be implemented, deriving said restrictions from said 

1 1 set of exempt encryption limitations. 

1 34. In a system comprising an application and an implementation class which 

2 provides an implementation for a particular service, a framework comprising: 

3 a mechanism for receiving a request from an application for a customized 

fit, 

4 implementation of a particular service; 
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5 a mechanism for instantiating an implementation class which provides an 

6 implementation for the particular service to give rise to an implementation instance; 

7 a mechanism for determining a set of zero or more restrictions to be imposed on 

8 said customized implementation; 

9 a mechanism for instantiating a wrapper class to give rise to a wrapper instance, 

10 said wrapper instance comprising enforcement logic for enforcing said restrictions; 

11 a mechanism for encapsulating said implementation instance and said restrictions 

12 within said wrapper instance; and 

13 a mechanism for providing said wrapper instance to the application as said 

14 customized implementation; 

1 5 wherein said wrapper instance comprises one or more invocable methods, 

16 wherein said implementation instance comprises one or more invocable methods, and 

1 7 wherein the mechanism for encapsulating comprises: 

1 8 a mechanism for mapping the one or more invocable methods of said wrapper 

19 instance to the one or more invocable methods of said implementation instance. 

1 35. The framework of claim 34, wherein the mechanism for instantiating the 

2 implementation class comprises: 

3 a mechanism for determining whether the implementation class is authentic; and 

4 a mechanism for instantiating, in response to a determination that the 

5 implementation class is authentic, the implementation class to give rise to said 

6 implementation instance. 
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1 36. The framework of claim 35, wherein the implementation class has a digital 

2 signature associated therewith, and wherein the mechanism for determining whether the 

3 implementation class is authentic comprises: 

4 a mechanism for verifying said digital signature. 

1 37. The framework of claim 35, wherein the implementation class 

2 authenticates the framework prior to giving rise to said implementation instance. 

1 38. The framework of claim 34, wherein the mechanism for determining the 

2 set of zero or more restrictions comprises: 

3 a mechanism for accessing information specifying one or more limitations; and 

4 a mechanism for processing said limitations to derive said restrictions. 

1 39. The framework of claim 38, wherein the particular service is an 

2 encryption/decryption service, and wherein said information comprises a set of one or 

3 more default encryption limitations. 

1 40. The framework of claim 39, wherein said default encryption limitations 

2 are derived by merging multiple jurisdiction policies and extracting therefrom the most 

3 restrictive encryption limitations. 

1 41 . The framework of claim 34, wherein the mechanism for determining the 

2 set of zero or more restrictions comprises: 

3 a mechanism for accessing information specifying one or more limitations; 
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4 a mechanism for determining permissions, if any, granted to the application; and 

5 a mechanism for reconciling said limitations and said permissions to derive said 

6 restrictions. 

1 42. The framework of claim 41, wherein said limitations and said permissions 

2 are reconciled to derive restrictions which are least restrictive. 

1 43. The framework of claim 41 , wherein the particular service is an 

2 encryption/decryption service, and wherein said information comprises a set of one or 



3 more default encryption limitations, and a set of zero or more exempt encryption 

4 limitations which apply when one or more exemption mechanisms are implemented. 



1 44. The framework of claim 43, wherein said default encryption limitations 

2 and said exempt encryption limitations are derived by merging multiple jurisdiction 

3 policies and extracting therefrom the most restrictive encryption limitations. 

1 45. The framework of claim 43, wherein the mechanism for reconciling said 

2 limitations and said permissions comprises: 

3 a mechanism for determining whether the application has been granted any 

4 permissions; and 

5 a mechanism for deriving, in response to a determination that the application has 

6 not been granted any permissions, said restrictions from said set of default encryption 

7 limitations. 
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1 46. The framework of claim 43, wherein the mechanism for reconciling said 

2 limitations and said permissions comprises: 

3 a mechanism for determining whether the application has been granted any 

4 permissions which require implementation of a particular exemption mechanism; 

5 a mechanism for determining, in response to a determination that the application 

6 has been granted a permission which requires implementation of a particular exemption 

7 mechanism, whether said exempt encryption limitations allow said particular exemption 

8 mechanism to be implemented; and 

9 a mechanism for deriving, in response to a determination that said exempt 

10 encryption limitations allow said particular exemption mechanism to be implemented, 

1 1 said restrictions from said set of exempt encryption limitations. 

1 57. In a system comprising an application and an implementation class which 

2 provides an implementation for a particular service, a computer readable medium having 

3 stored thereon instructions which, when executed by one or more processors, cause the 

4 one or more processors to implement a framework which dynamically constructs a 

5 customized implementation, said computer readable medium comprising: 

6 instructions for causing one or more processors to receive a request from an 

7 application for a customized implementation of a particular service; 

8 instructions for causing one or more processors to instantiate an implementation 

9 class which provides an implementation for the particular service to give rise to an 
10 implementation instance; 



15437-0109/P4490 



1 1 instructions for causing one or more processors to determine a set of zero or more 

12 restrictions to be imposed on said customized implementation; 

13 instructions for causing one or more processors to instantiate a wrapper class to 

14 give rise to a wrapper instance, said wrapper instance comprising enforcement logic for 

1 5 enforcing said restrictions; 

16 instructions for causing one or more processors to encapsulate said 

17 implementation instance and said restrictions within said wrapper instance; and 

1 8 instructions for causing one or more processors to provide said wrapper instance 

19 to the application as said customized implementation; 

20 wherein said wrapper instance comprises one or more invocable methods, 

21 wherein said implementation instance comprises one or more invocable methods, and 

22 wherein the instructions for causing one or more processors to encapsulate comprises: 

23 instructions for causing one or more processors to map the one or more invocable 

24 methods of said wrapper instance to the one or more invocable methods of said 

25 implementation' instance. 

1 58. The computer readable medium of claim 57, wherein the instructions for 

2 causing one or more processors to instantiate the implementation class comprises: 

3 instructions for causing one or more processors to determine whether the 

4 implementation class is authentic; and 

5 instructions for causing one or more processors to instantiate, in response to a 

6 determination that the implementation class is authentic, the implementation class to give 

7 rise to said implementation instance. 
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1 59. The computer readable medium of claim 58, wherein the implementation 

2 class has a digital signature associated therewith, and wherein the instructions for causing 

3 one or more processors to determine whether the implementation class is authentic 

4 comprises: 

5 instructions for causing one or more processors to verify said digital signature. 

1 60. The computer readable medium of claim 58, wherein the implementation 

2 class authenticates the framework prior to giving rise to said implementation instance. 

1 61. The computer readable medium of claim 57, wherein the instructions for 

2 causing one or more processors to determine the set of zero or more restrictions 

3 comprises: 

4 instructions for causing one or more processors to access information specifying 

5 one or more limitations; and 

6 instructions for causing one or more processors to process said limitations to 

7 derive said restrictions. 

1 62. The computer readable medium of claim 61, wherein the particular service 

2 is an encryption/decryption service, and wherein said information comprises a set of one 

3 or more default encryption limitations. 
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63. The computer readable medium of claim 62, wherein said default 
encryption limitations are derived by merging multiple jurisdiction policies and 
extracting therefrom the most restrictive encryption limitations. 



1 64. The computer readable medium of claim 57, wherein the instructions for 

2 causing one or more processors to determine the set of zero or more restrictions 

3 comprises: 

4 instructions for causing one or more processors to access information specifying 

5 one or more limitations; 

6 instructions for causing one or more processors to determine permissions, if any, 

7 granted to the application; and 

8 instructions for causing one or more processors to reconcile said limitations and 

9 said permissions to deriye said restrictions. 



1 65. The computer readable medium of claim 64, wherein said limitations and 

2 said permissions are reconciled to derive restrictions which are least restrictive. 

1 66. The computer readable medium of claim 64, wherein the particular service 

2 is an encryption/decryption service, and wherein said information comprises a set of one 

3 or more default encryption limitations, and a set of zero or more exempt encryption 

4 limitations which apply when one or more exemption mechanisms are implemented. 



1 67. The computer readable medium of claim 66, wherein said default 

2 encryption limitations and said exempt encryption limitations are derived by merging 
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3 multiple jurisdiction policies and extracting therefrom the most restrictive encryption 

4 limitations. 

1 68. The computer readable medium of claim 66, wherein the instructions for 

2 causing one or more processors to reconcile said limitations and said permissions 

3 comprises: 

4 instructions for causing one or more processors to determine whether the 

5 application has been granted any permissions; and 

6 instructions for causing one or more processors to derive, in response to a 

7 determination that the application has not been granted any permissions, said restrictions 

8 from said set of default encryption limitations. 

1 69. The computer readable medium of claim 66, wherein the instructions for 

2 causing one or more processors to reconcile said limitations and said permissions 

3 comprises: 

4 instructions for causing one or more processors to determine whether the 

5 application has been granted any permissions which require implementation of a 

6 particular exemption mechanism; 

7 instructions for causing one or more processors to determine, in response to a 

8 determination that the application has been granted a permission which requires 

9 implementation of a particular exemption mechanism, whether said exempt encryption 
10 limitations allow said particular exemption mechanism to be implemented; and 
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1 1 instructions for causing one or more processors to derive, in response to a 

12 determination that said exempt encryption limitations allow said particular exemption 

13 mechanism to be implemented, said restrictions from said set of exempt encryption 

14 limitations. 

1 70. The method of claim 1 1 , wherein determining said set of zero or more 

2 restrictions includes determining a set of zero or more restrictions that are specific to said 

3 application. 

1 71 . The method of claim 70, wherein determining said set of zero or more 

2 restrictions that are specific to said application includes determining a set of zero or more 

3 restrictions that are customized for said application. 

1 72. The method of claim 11, wherein said set is a first set, and wherein said 

2 customized implementation is a first customized implementation, and further comprising: 

3 receiving a request from a second application for a second customized 

4 implementation of said particular service, wherein said second customized 

5 implementation differs from said first customized implementation; 

6 instantiating said implementation class which provides said implementation for 

7 said particular service to give rise to a second implementation instance; 

8 determining a second set of zero or more restrictions to be imposed on said 

9 second customized implementation, wherein said second set differs from said first set; 
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10 instantiating said wrapper class to give rise to a second wrapper instance, said 

1 1 second wrapper instance comprising enforcement logic for enforcing said second set of 

1 2 zero or more restrictions; 

13 encapsulating said second implementation instance and said second set of zero or 

14 more restrictions within said second wrapper instance; and 

15 providing said second wrapper instance to said second application as said second 

16 customized implementation. 

1 73. The framework of claim 34, wherein said mechanism for determining said 

2 set of zero or more restrictions includes a mechanism for determining a set of zero or 

3 more restrictions that are specific to said application. 

1 74. The framework of claim 73, wherein said mechanism for determining said 

2 set of zero or more restrictions that are specific to said application includes a mechanism 

3 for determining a set of zero or more restrictions that are customized for said application. 

1 75. The framework of claim 34, wherein said set is a first set, and wherein 

2 said customized implementation is a first customized implementation, and further 

3 comprising: 

4 a mechanism for receiving a request from a second application for a second 

5 customized implementation of said particular service, wherein said second customized 

6 implementation differs from said first customized implementation; 

7 a mechanism for instantiating said implementation class which provides said 

8 implementation for said particular service to give rise to a second implementation 

9 instance; 
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10 a mechanism for determining a second set of zero or more restrictions to be 

1 1 imposed on said second customized implementation, wherein said second set differs from 

12 said first set; 

13 a mechanism for instantiating said wrapper class to give rise to a second wrapper 

14 instance, said second wrapper instance comprising enforcement logic for enforcing said 

1 5 second set of zero or more restrictions; 

16 a mechanism for encapsulating said second implementation instance and said 

17 second set of zero or more restrictions within said second wrapper instance; and 

18 a mechanism for providing said second wrapper instance to said second 

19 application as said second customized implementation. 

1 76. The computer readable medium of claim 57, wherein said instructions for 

2 determining said set of zero or more restrictions include instructions for determining a set 

3 of zero or more restrictions that are specific to said application. 

1 77. The computer readable medium of claim 76, wherein said instructions for 

2 determining said set of zero or more restrictions that are specific to said application 

3 include instructions for determining a set of zero or more restrictions that are customized 

4 for said application. 

1 78. The computer readable medium of claim 57, wherein said set is a first set, 

2 and wherein said customized implementation is a first customized implementation, and 

3 further comprising: 
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4 instructions for receiving a request from a second application for a second 

5 customized implementation of said particular service, wherein said second customized 

6 implementation differs from said first customized implementation; 

7 instructions for instantiating said implementation class which provides said 

8 implementation for said particular service to give rise to a second implementation 

9 instance; 

10 instructions for determining a second set of zero or more restrictions to be 

1 1 imposed on said second customized implementation, wherein said second set differs from 

12 said first set; 

13 instructions for instantiating said wrapper class to give rise to a second wrapper 

14 instance, said second wrapper instance comprising enforcement logic for enforcing said 

1 5 second set of zero or more restrictions; 

16 instructions for encapsulating said second implementation instance and said 

17 second set of zero or more restrictions within said second wrapper instance; and 

18 instructions for providing said second wrapper instance to said second application 

19 as said second customized implementation. 

1 79. The method of claim 1 1, wherein said wrapper instance is invocable by 

2 the application without further interaction with the framework. 

1 80. The method of claim 1 1, wherein the implementation class provides an 

2 unrestricted implementation for the particular service. 
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1 81. The method of claim 80, wherein the particular service is an 

2 encryption/decryption service, and wherein the unrestricted implementation provided by 

3 the implementation class is capable of using unlimited encryption/decryption parameters. 

1 82. The method of claim 8 1 , wherein the unrestricted implementation 

2 provided by the implementation class is capable of using encryption/decryption keys of 

3 any size. 

1 83. The method of claim 11, wherein said enforcement logic enforces said 

2 restrictions on said implementation instance. 

1 84. The method of claim 83, wherein said enforcement logic enforces said 

2 restrictions on said implementation instance by: 

3 receiving a set of desired parameters from the application; 

4 determining whether the desired parameters exceed said restrictions; and 

5 in response to a determination that the desired parameters exceed said restrictions, 

6 preventing said implementation instance from operating. 

1 85. The method of claim 84, wherein said enforcement logic is invoked upon 

2 initialization of said wrapper instance. 
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1 86. The method of claim 1 1 , wherein the system further comprises an 

2 exemption mechanism class which provides an implementation for a particular exemption 

3 mechanism, and wherein said method further comprises: 

4 instantiating the exemption mechanism class to give rise to an exemption 

5 mechanism instance; and 

6 encapsulating said exemption mechanism instance within said wrapper instance. 

1 87. The method of claim 86, wherein said enforcement logic is invoked upon 

2 initialization of said wrapper instance, and when invoked, said enforcement logic: 

3 determines whether said exemption mechanism instance has been invoked; and 

4 in response to a determination that said exemption mechanism instance has not 

5 been invoked, preventing said implementation instance from operating. 

1 88. The framework of claim 34, wherein said wrapper instance is invocable by 

2 the application without further interaction with the framework. 

1 89. The framework of claim 34, wherein the implementation class provides an 

2 unrestricted implementation for the particular service. 

1 90. The framework of claim 89, wherein the particular service is an 

2 encryption/decryption service, and wherein the unrestricted implementation provided by 

3 the implementation class is capable of using unlimited encryption/decryption parameters. 
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1 91. The framework of claim 90, wherein the unrestricted implementation 

2 provided by the implementation class is capable of using encryption/decryption keys of 

3 any size. 

1 92. The framework of claim 34, wherein said enforcement logic enforces said 

2 restrictions on said implementation instance. 

1 93. The framework of claim 92, wherein said enforcement logic enforces said 

2 restrictions on said implementation instance by: 

3 receiving a set of desired parameters from the application; 

4 determining whether the desired parameters exceed said restrictions; and 

5 in response to a determination that the desired parameters exceed said restrictions, 

6 preventing said implementation instance from operating. 

1 94. The framework of claim 93, wherein said enforcement logic is invoked 

2 upon initialization of said wrapper instance. 

1 95. The framework of claim 34, wherein the system further comprises an 

2 exemption mechanism class which provides an implementation for a particular exemption 

3 mechanism, and wherein said framework further comprises: 

4 a mechanism for instantiating the exemption mechanism class to give rise to an 

5 exemption mechanism instance; and 
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6 a mechanism for encapsulating said exemption mechanism instance within said 

7 wrapper instance. 



1 96. The framework of claim 95, wherein said enforcement logic is invoked 

2 upon initialization of said wrapper instance, and when invoked, said enforcement logic: 

3 determines whether said exemption mechanism instance has been invoked; and 

4 in response to a determination that said exemption mechanism instance has not 

5 been invoked, preventing said implementation instance from operating. 

1 97. The computer readable medium of claim 57, wherein said wrapper 

2 instance is invocable by the application without further interaction with the framework. 

1 98. The computer readable medium of claim 57, wherein the implementation 

2 class provides an unrestricted implementation for the particular service. 

1 99. The computer readable medium of claim 98, wherein the particular service 

2 is an encryption/decryption service, and wherein the unrestricted implementation 

3 provided by the implementation class is capable of using unlimited encryption/decryption 

4 parameters. 

1 1 00. The computer readable medium of claim 99, wherein the unrestricted 

2 implementation provided by the implementation class is capable of using 

3 encryption/decryption keys of any size. 
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1 101 . The computer readable medium of claim 57, wherein said enforcement 

2 logic enforces said restrictions on said implementation instance. 

1 1 02. The computer readable medium of claim 101, wherein said enforcement 

2 logic enforces said restrictions on said implementation instance by: 

3 receiving a set of desired parameters from the application; 

4 determining whether the desired parameters exceed said restrictions; and 

5 in response to a determination that the desired parameters exceed said restrictions, 

6 preventing said implementation instance from operating. 

1 103. The computer readable medium of claim 102, wherein said enforcement 

2 logic is invoked upon initialization of said wrapper instance. 

1 104. The computer readable medium of claim 57, wherein the system further 



2 comprises an exemption mechanism class which provides an implementation for a 

3 particular exemption mechanism, and wherein said computer readable medium further 

4 comprises: 

5 instructions for causing one or more processors to instantiate the exemption 

6 mechanism class to give rise to an exemption mechanism instance; and 

7 instructions for causing one or more processors to encapsulate said exemption 

8 mechanism instance within said wrapper instance. 
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105. The coiriputer readable medium of claim 104, wherein said enforcement 
logic is invoked upon initialization of said wrapper instance, and when invoked, said 
enforcement logic: 

determines whether said exemption mechanism instance has been invoked; and 
in response to a ;determination that said exemption mechanism instance has not 
been invoked, preventing said implementation instance from operating. 
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